RequestHeader set X-Forwarded-Scheme https early
RequestHeader set X-Scheme https early
RequestHeader set X-Forwarded-Proto https early
ProxyPreserveHost On


{% if env == "production" %}
#
# These conditions are ANDed together and negated, and are the list of things we 
# do NOT want to use the cdn. ie, the things not going to the cdn will not match 
# here and fall through to the regular registry. Everything else will go to the cdn
#
# We don't want the cdn itself to go to the cdn, it needs to get content from origin
RewriteCond %{HTTP:VIA} !cloudfront
# We have a 'registry-no-cdn' host that we don't want to use the cdn
RewriteCond %{SERVER_NAME} !^registry-no-cdn\.fedoraproject\.org$
# We don't want some methods to go to the cdn so we can update it
RewriteCond %{REQUEST_METHOD} !^(PATCH|POST|PUT|DELETE|HEAD)$
# osbs hosts shouldn't use the cdn
RewriteCond %{REMOTE_HOST} !^osbs-*$
# builders shouldn't use the cdn for flatpak building.
RewriteCond expr "! -R '10.3.169.0/24'"
RewriteRule ^/v2/(.*)/blobs/([a-zA-Z0-9:]*) https://cdn.registry.fedoraproject.org/v2/$1/blobs/$2 [R]
{% endif %}

# This is terible, but Docker.
RewriteCond %{REQUEST_METHOD} ^(PATCH|POST|PUT|DELETE)$
{% if env == "production" %}
RewriteRule ^/v2/(.*)$ http://oci-registry02:5000/v2/$1 [P,L]
{% elif env == "staging" %}
RewriteRule ^/v2/(.*)$ http://oci-registry01:5000/v2/$1 [P,L]
{% endif %}
RewriteRule ^/v2/(.*)$ http://localhost:10048/v2/$1 [P,L]

RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1.json [L,PT]

RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-testing-%1-annotations.json [L,PT]

RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1.json [L,PT]

RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &architecture=([^&]+)
RewriteRule "^/index/static$" /index/flatpak-latest-%1-annotations.json [L,PT]

RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing.json [L,PT]

RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteCond "&%{QUERY_STRING}" &tag=testing
RewriteRule "^/index/static$" /index/flatpak-testing-annotations.json [L,PT]

RewriteCond "&%{QUERY_STRING}" &label(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest.json [L,PT]

RewriteCond "&%{QUERY_STRING}" &annotation(%3A|:)org.flatpak.ref(%3A|:)exists=1
RewriteRule "^/index/static$" /index/flatpak-latest-annotations.json [L,PT]

DocumentRoot /srv/web/registry-index/

<Directory /srv/web/registry-index>
    Require all granted
</Directory>

SSLVerifyClient optional
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/httpd/registry-ca-{{env}}.cert
SSLOptions +FakeBasicAuth

<Location /v2>
  AuthName "Registry Authentication"
  AuthType Basic
  AuthUserFile /etc/httpd/conf.d/registry.fedoraproject.org/passwd

  <Limit GET HEAD>
    Require all granted
  </Limit>
</Location>

Alias "/index/" "/srv/web/registry-index/index/"
Alias "/app-icons/" "/srv/web/registry-index/icons/"
Alias "/deltas/" "/srv/web/registry-index/deltas/"
Alias "/static/" "/srv/web/registry-index/"

<Directory “/srv/web/registry-index/index/">
    Options +FollowSymLinks

    ExpiresActive on
    ExpiresDefault "access plus 30 minutes"

    AllowOverride None
    Require all granted
</Directory>

<Directory "/srv/web/registry-index/icons/">
    ExpiresActive on
    ExpiresDefault "access plus 1 year"

    AllowOverride None
    Options +Indexes
    Require all granted
</Directory>

<Directory "/srv/web/registry-index/deltas/">
    ExpiresActive on
    ExpiresDefault "access plus 1 year"

    AllowOverride None
    Options +Indexes
    Require all granted
</Directory>
